Aggregator

CVE-2026-43288 | Linux Kernel up to 6.6.127/6.12.74/6.18.15/6.19.5 ext4 ext4_percpu_param_init memory corruption (WID-SEC-2026-1454)

Vuldb Updates
6 hours 37 minutes ago
A vulnerability described as critical has been identified in Linux Kernel up to 6.6.127/6.12.74/6.18.15/6.19.5. Affected by this issue is the function ext4_percpu_param_init of the component ext4. Such manipulation leads to memory corruption. This vulnerability is documented as CVE-2026-43288. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

SHADOWBYT3$ Allegedly Claim Breach of Nintendo, Stealing Sensitive Data

Cyber Security News
6 hours 40 minutes ago

Threat intelligence sources have reported that the threat actor group SHADOWBYT3$ has allegedly breached Nintendo, claiming to have exfiltrated approximately 859 MB of sensitive internal data. The incident, first observed on June 13, 2026, remains unverified at the time of writing. However, early details suggest potential exposure of employee-related information. The alleged breach is linked […]

The post SHADOWBYT3$ Allegedly Claim Breach of Nintendo, Stealing Sensitive Data appeared first on Cyber Security News.

Abinaya

Anthropic Updated Privacy Policy to Include Identity Verification for Claude Users

Cyber Security News
7 hours 30 minutes ago

Anthropic has updated its privacy policy for Claude, adding explicit terminology that allows the company to perform age and identity verification on consumer users. The change signals a tighter security and compliance stance across Claude Free, Pro, and Max plans. It is scheduled to take effect on July 8, 2026. In the revised policy, Anthropic […]

The post Anthropic Updated Privacy Policy to Include Identity Verification for Claude Users appeared first on Cyber Security News.

Abinaya

CVE-2026-40992 | Vmware Spring Boot up to 3.4.16/3.5.14/4.0.6 Configuration certificate validation (CNNVD-202606-3065)

Vuldb Updates
7 hours 38 minutes ago
A vulnerability was found in Vmware Spring Boot up to 3.4.16/3.5.14/4.0.6. It has been classified as problematic. Affected is an unknown function of the component Configuration Handler. Performing a manipulation results in improper certificate validation. This vulnerability is reported as CVE-2026-40992. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-40986 | Vmware Spring Web Flow up to 2.5.1/3.0.1/4.0.0 cross site scripting (CNNVD-202606-3067)

Vuldb Updates
7 hours 38 minutes ago
A vulnerability marked as problematic has been reported in Vmware Spring Web Flow up to 2.5.1/3.0.1/4.0.0. Impacted is an unknown function. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-40986. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-40987 | Vmware Spring Integration up to 7.0.4 /SFTP/SMB path traversal (CNNVD-202606-3066)

Vuldb Updates
7 hours 38 minutes ago
A vulnerability described as critical has been identified in Vmware Spring Integration up to 5.5.20/6.3.14/6.4.11/6.5.8/7.0.4. The affected element is an unknown function of the file /SFTP/SMB. Executing a manipulation can lead to path traversal. The identification of this vulnerability is CVE-2026-40987. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-10795 | davidanderson UpdraftPlus Plugin up to 1.26.4 on WordPress wp_loaded signature verification (EUVD-2026-36215 / CNNVD-202606-3068)

Vuldb Updates
7 hours 38 minutes ago
A vulnerability, which was classified as problematic, was found in davidanderson UpdraftPlus Plugin up to 1.26.4 on WordPress. The impacted element is the function UpdraftPlus_Remote_Communications_V2::wp_loaded. The manipulation results in improper verification of cryptographic signature. This vulnerability is cataloged as CVE-2026-10795. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2026-2827 | 100plugins Open User Map PRO Plugin up to 1.4.31 on WordPress versions oum_location_notification cross site scripting (EUVD-2026-36198 / CNNVD-202606-3071)

Vuldb Updates
7 hours 38 minutes ago
A vulnerability categorized as problematic has been discovered in 100plugins Open User Map PRO Plugin up to 1.4.31 on WordPress. This issue affects the function versions. The manipulation of the argument oum_location_notification results in cross site scripting. This vulnerability was named CVE-2026-2827. The attack may be performed from remote. There is no available exploit.
vuldb.com

CVE-2026-35273 | Oracle PeopleSoft Enterprise PeopleTools 8.61/8.62 Updates Environment Management missing authentication (EUVD-2026-36199 / CNNVD-202606-3070)

Vuldb Updates
7 hours 38 minutes ago
A vulnerability labeled as very critical has been found in Oracle PeopleSoft Enterprise PeopleTools 8.61/8.62. The affected element is an unknown function of the component Updates Environment Management. Such manipulation leads to missing authentication. This vulnerability is referenced as CVE-2026-35273. It is possible to launch the attack remotely. Furthermore, an exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2026-40985 | Vmware Spring Web Flow up to 2.5.1/3.0.1/4.0.0 expression language injection (EUVD-2026-36200 / CNNVD-202606-3069)

Vuldb Updates
7 hours 38 minutes ago
A vulnerability was found in Vmware Spring Web Flow up to 2.5.1/3.0.1/4.0.0. It has been classified as problematic. The impacted element is an unknown function. This manipulation causes improper neutralization of special elements used in an expression language statement. This vulnerability appears as CVE-2026-40985. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

Critical Microsoft 365 Copilot Vulnerability Allows Attackers to Steal Data in One Click

Cyber Security News
7 hours 42 minutes ago

A critical vulnerability chain in Microsoft 365 Copilot Enterprise that let attackers steal sensitive corporate data, MFA codes, email contents, calendar details, and confidential files with nothing more than a single click on a link pointing to a legitimate Microsoft domain. Dubbed SearchLeak, uncovered by Varonis Threat Labs and tracked as CVE-2026-42824, the flaw earned […]

The post Critical Microsoft 365 Copilot Vulnerability Allows Attackers to Steal Data in One Click appeared first on Cyber Security News.

Guru Baran

CVE-2026-5233 | MIA Pizzy Library prior 1.3.9.26250 improper control of interaction frequency

VulDB Recent Entries
7 hours 46 minutes ago
A vulnerability categorized as problematic has been discovered in MIA Pizzy Library. This issue affects some unknown processing. Executing a manipulation can lead to improper control of interaction frequency. The identification of this vulnerability is CVE-2026-5233. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-6517 | Mattermost Desktop App up to 5.5.13/6.1.x insufficiently protected credentials

VulDB Recent Entries
7 hours 47 minutes ago
A vulnerability was found in Mattermost Desktop App up to 5.5.13/6.1.x. It has been classified as problematic. Affected by this issue is some unknown functionality. This manipulation causes insufficiently protected credentials. This vulnerability is handled as CVE-2026-6517. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-49064 | Stiofan GetPaid Plugin up to 2.8.49 on WordPress insertion of sensitive information into sent data

VulDB Recent Entries
7 hours 47 minutes ago
A vulnerability was found in Stiofan GetPaid Plugin up to 2.8.49 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation results in insertion of sensitive information into sent data. This vulnerability is known as CVE-2026-49064. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

Managed ad